From 5708e35ee04796d06ccf9eae606f82fb041a9cc9 Mon Sep 17 00:00:00 2001 From: Mario Fetka Date: Wed, 11 Mar 2020 11:39:28 +0100 Subject: [PATCH] Imported Upstream version 0.2 --- .travis.yml | 8 +++++--- mod_proxy_protocol.c | 8 ++++++-- mod_proxy_protocol.html | 24 ++++++++++++++++++++++-- 3 files changed, 33 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4ae464c..8023d57 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,8 +7,10 @@ compiler: install: # for unit tests - sudo apt-get install -y check + - sudo apt-get install -y libsubunit-dev # for static code analysis - - sudo apt-get install -y cppcheck rats + # - sudo apt-get install -y cppcheck + # - sudo apt-get install -y rats # for test code coverage - sudo apt-get install -y lcov - gem install coveralls-lcov @@ -23,8 +25,8 @@ script: - git clone --depth 10 https://github.com/proftpd/proftpd.git - cp mod_proxy_protocol.c proftpd/contrib/ - cd proftpd - - ./configure LIBS="-lm -lrt -pthread" --enable-devel=coverage --enable-tests --with-module=mod_proxy_protocol + - ./configure LIBS="-lm -lsubunit -lrt -pthread" --enable-devel=coverage --enable-tests --with-module=mod_proxy_protocol - make - make clean - - ./configure LIBS="-lm -lrt -pthread" --enable-devel=coverage --enable-dso --enable-tests --with-shared=mod_proxy_protocol + - ./configure LIBS="-lm -lsubunit -lrt -pthread" --enable-devel=coverage --enable-dso --enable-tests --with-shared=mod_proxy_protocol - make diff --git a/mod_proxy_protocol.c b/mod_proxy_protocol.c index 28bd7fe..36e9d7f 100644 --- a/mod_proxy_protocol.c +++ b/mod_proxy_protocol.c @@ -1,6 +1,6 @@ /* * ProFTPD - mod_proxy_protocol - * Copyright (c) 2013-2017 TJ Saunders + * Copyright (c) 2013-2020 TJ Saunders * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -26,7 +26,11 @@ #include "conf.h" #include "privs.h" -#define MOD_PROXY_PROTOCOL_VERSION "mod_proxy_protocol/0.1" +#ifdef HAVE_SYS_UIO_H +# include +#endif /* HAVE_SYS_UIO_H */ + +#define MOD_PROXY_PROTOCOL_VERSION "mod_proxy_protocol/0.2" /* Make sure the version of proftpd is as necessary. */ #if PROFTPD_VERSION_NUMBER < 0x0001030504 diff --git a/mod_proxy_protocol.html b/mod_proxy_protocol.html index ddd2d00..10fa510 100644 --- a/mod_proxy_protocol.html +++ b/mod_proxy_protocol.html @@ -140,6 +140,27 @@ of LoadModule directives; the last of which would be: LoadModule mod_proxy_protocol.c +Note that using mod_proxy_protocol as a shared module +is required in cases where you want to use both +mod_proxy_protocol and mod_ifsession. For +example, perhaps you want to use mod_ifsession to change the +behavior of some module, e.g. mod_ban, based on the IP +address of the original client. This means that mod_proxy_protocol +would need to hande the connection first, so that it can decode the +PROXY protocol and set the correct client IP address. +However, the ProFTPD build system is hardcoded to ensure that the +mod_ifsession will always be first -- if using static +modules. By using shared modules, you can enforce the proper ordering +using the LoadModule directive, like so: +
+  <IfModule mod_dso.c>
+    ...
+    LoadModule mod_ifsession.c
+    LoadModule mod_proxy_protocol.c
+  </IfModule>
+
+The last module loaded will be the first module called. +

Trusting Senders of Proxy Data
Use of these proxy protocols means changes in audit trails and/or client @@ -227,11 +248,10 @@ to your existing server:

-© Copyright 2013-2017 TJ Saunders
+© Copyright 2013-2019 TJ Saunders
All Rights Reserved
-